Cisco Global Site Selector (GSS) contains a vulnerability whereby an attacker can specially craft HTTP requests to perform cross-site request forgery attacks. This can be used by remote attackers to arbitrarily send requests as an authenticated user to Cisco GSS.
Cisco Global Site Selector 3.2 and possibly earlier versions
No Exploit Available
Cross-Site Request Forgery
Cisco GSS allows users to trigger actions via HTTP requests, while failing to validate that the user is logged in. This allows attackers to submit arbitrary requests and have them executed.
BeyondTrust Prevention and Detection:
- 30394 - Cisco Global Site Selector Cross-Site Request Forgery (20130905) (Zero-Day)
No mitigations currently available.